CVE-2007-3040
Microsoft Agent - 'agentdpv.dll' ActiveX Control Malformed URL Stack Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
Un desbordamiento de búfer en la región stack de la memoria en la biblioteca agentdpv.dll versión 2.0.0.3425 en Microsoft Agent en Windows 2000 SP4, permite a los atacantes remoto ejecutar código arbitrarios por medio de una URL creada para el control ActiveX del Agente (Agent.Control), que activa un desbordamiento dentro del proceso Agent Service (agentsrv.exe), un problema diferente del CVE-2007-1205.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-06-05 CVE Reserved
- 2007-09-11 CVE Published
- 2007-09-11 First Exploit
- 2024-07-16 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=592 | Third Party Advisory | |
http://securityreason.com/securityalert/3124 | Third Party Advisory | |
http://securitytracker.com/id?1018677 | Vdb Entry | |
http://www.kb.cert.org/vuls/id/716872 | Third Party Advisory | |
http://www.osvdb.org/36934 | Vdb Entry | |
http://www.securityfocus.com/archive/1/479096/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/25566 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA07-254A.html | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35752 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2116 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/30567 | 2007-09-11 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/26753 | 2018-10-16 |
URL | Date | SRC |
---|---|---|
http://www.vupen.com/english/advisories/2007/3113 | 2018-10-16 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-051 | 2018-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
|